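// Mock security-event records used to seed the UI (demo data, not real telemetry).
//
// Shape of each event:
//   id / name / description   - identifier and display text
//   threatLevel               - "medium" | "high" | "critical" in this seed set
//   status                    - "pending" | "analyzing" | "resolved" in this seed set
//   attackChainStage          - name of the stage flagged `current: true` in attackChain
//   attackChain               - seven ordered stages; the names appear to follow the
//                               Cyber Kill Chain (recon ... actions on objectives)
//   affectedAssets, networkTraffic, logs, threatIntel, relatedEvents - supporting context
//   payload                   - captured content; `hex` is the uppercase hex encoding of `ascii`
//
// Notes for anyone reusing this data:
//   * External addresses sit in the RFC 5737 documentation ranges (192.0.2.0/24,
//     198.51.100.0/24, 203.0.113.0/24); internal ones are in 10.0.0.0/8.
//   * The `hash` strings are placeholders: they contain non-hex letters (g, h, i, ...)
//     and so cannot be real SHA-256 digests. Do not submit them to intel lookups.
//   * payload.raw, logs[].message and threatIntel[].indicator model attacker-influenced
//     text. NOTE(review): the rendering code is not visible here - confirm these fields
//     are inserted as text (textContent), never as HTML.
//   * Each event declares `attackType` exactly once; a repeated key in an object literal
//     silently overrides the earlier one and hides edits made to only one copy.
const mockSecurityEvents = [
    {
        id: "event-001",
        name: "高危SQL注入攻击",
        threatLevel: "high",
        attackChainStage: "利用",
        status: "pending",
        timestamp: "2024-01-20T14:30:00Z",
        attackType: "Web攻击",
        description: "检测到针对核心业务系统的SQL注入攻击尝试，攻击者尝试通过参数注入获取敏感数据。",
        sourceIP: "198.51.100.78",
        targetIP: "10.10.5.24",
        targetHostname: "web-server-01",
        attackChain: [
            { stage: "侦察", completed: true, timestamp: "2024-01-20T14:25:00Z" },
            { stage: "武器化", completed: true, timestamp: "2024-01-20T14:27:00Z" },
            { stage: "交付", completed: true, timestamp: "2024-01-20T14:28:00Z" },
            { stage: "利用", completed: true, current: true, timestamp: "2024-01-20T14:30:00Z" },
            { stage: "安装", completed: false },
            { stage: "命令控制", completed: false },
            { stage: "目标达成", completed: false }
        ],
        affectedAssets: [
            { id: "asset-001", ip: "10.10.5.24", hostname: "web-server-01", type: "Web服务器", threatLevel: "high" },
            { id: "asset-002", ip: "10.10.6.15", hostname: "db-server-01", type: "数据库服务器", threatLevel: "medium" }
        ],
        payload: {
            raw: "SELECT * FROM users WHERE id=1 OR 1=1 --",
            hex: "53454C454354202A2046524F4D2075736572732057484552452069643D31204F5220313D31202D2D",
            ascii: "SELECT * FROM users WHERE id=1 OR 1=1 --",
            // Placeholder value, not a valid SHA-256 digest (non-hex characters).
            hash: "SHA256: a7d4f8c6a9c9d5d5b7b0a4e2f5e7c6b9a8d7e5f6c4b3a2d1e0f9g8h7i6j5k4l3",
            extractedFeatures: [
                "SQL关键字: SELECT",
                "SQL注入模式: OR 1=1",
                "注释符: --"
            ]
        },
        networkTraffic: {
            sourceIP: "198.51.100.78",
            sourcePort: 54321,
            destIP: "10.10.5.24",
            destPort: 80,
            protocol: "HTTP",
            method: "POST",
            url: "/api/login",
            userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
            geoLocation: "美国，纽约"
        },
        logs: [
            { timestamp: "2024-01-20T14:25:12Z", source: "WAF", message: "检测到可疑的SQL模式: OR 1=1", severity: "high" },
            { timestamp: "2024-01-20T14:27:30Z", source: "Web服务器", message: "多次尝试访问不存在的端点: /admin/phpmyadmin", severity: "medium" },
            { timestamp: "2024-01-20T14:30:01Z", source: "IDS", message: "确认SQL注入攻击: SELECT * FROM users WHERE id=1 OR 1=1 --", severity: "critical" },
            { timestamp: "2024-01-20T14:30:02Z", source: "数据库", message: "异常查询执行: 读取了过多的用户记录", severity: "high" }
        ],
        threatIntel: [
            { source: "AlienVault OTX", indicator: "198.51.100.78", confidence: 0.85, description: "已知的SQL注入攻击源" },
            { source: "VirusTotal", indicator: "SQL模式: OR 1=1 --", confidence: 0.95, description: "常见的SQL注入payload" },
            { source: "AbuseIPDB", indicator: "198.51.100.78", confidence: 0.75, description: "24小时内有15次滥用报告" }
        ],
        relatedEvents: ["event-002", "event-003"]
    },
    {
        id: "event-002",
        name: "勒索软件感染尝试",
        threatLevel: "critical",
        attackChainStage: "安装",
        status: "analyzing",
        timestamp: "2024-01-20T10:15:00Z",
        attackType: "恶意软件",
        description: "检测到疑似勒索软件感染，系统发现加密行为和典型的勒索信息文件。",
        sourceIP: "203.0.113.42",
        targetIP: "10.10.10.56",
        targetHostname: "file-server-02",
        attackChain: [
            { stage: "侦察", completed: true, timestamp: "2024-01-20T09:50:00Z" },
            { stage: "武器化", completed: true, timestamp: "2024-01-20T10:00:00Z" },
            { stage: "交付", completed: true, timestamp: "2024-01-20T10:10:00Z" },
            { stage: "利用", completed: true, timestamp: "2024-01-20T10:12:00Z" },
            { stage: "安装", completed: true, current: true, timestamp: "2024-01-20T10:15:00Z" },
            { stage: "命令控制", completed: false },
            { stage: "目标达成", completed: false }
        ],
        affectedAssets: [
            { id: "asset-003", ip: "10.10.10.56", hostname: "file-server-02", type: "文件服务器", threatLevel: "critical" },
            { id: "asset-004", ip: "10.10.10.57", hostname: "client-pc-45", type: "终端设备", threatLevel: "high" }
        ],
        payload: {
            // `raw` is a bracketed placeholder, not sample bytes.
            raw: "[勒索软件样本片段]",
            hex: "5B4C4F434B45522053414D504C4520465241474D454E545D",
            ascii: "[LOCKER SAMPLE FRAGMENT]",
            // Placeholder value, not a valid SHA-256 digest (non-hex characters).
            hash: "SHA256: b8e7c6d5a4f3e2d1c0b9a8d7e6f5c4b3a2d1e0f9g8h7i6j5k4l3m2n1o0",
            extractedFeatures: [
                "RSA加密模块",
                ".encrypted文件扩展名",
                "勒索信息模板"
            ]
        },
        // Here the flow is recorded outbound (internal host -> external address),
        // the reverse of the event-level sourceIP/targetIP pair above.
        networkTraffic: {
            sourceIP: "10.10.10.56",
            sourcePort: 49152,
            destIP: "203.0.113.42",
            destPort: 443,
            protocol: "HTTPS",
            method: "POST",
            url: "/api/v1/upload",
            userAgent: "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36",
            geoLocation: "俄罗斯，莫斯科"
        },
        logs: [
            { timestamp: "2024-01-20T10:15:30Z", source: "防病毒软件", message: "检测到恶意软件: WannaCry变种", severity: "critical" },
            { timestamp: "2024-01-20T10:16:00Z", source: "EDR", message: "检测到大量文件加密活动", severity: "critical" },
            { timestamp: "2024-01-20T10:16:30Z", source: "文件服务器", message: "发现勒索信息文件: README_TO_DECRYPT.txt", severity: "critical" }
        ],
        threatIntel: [
            { source: "VirusTotal", indicator: "SHA256: b8e7c6d5a4f3e2d1c0b9a8d7e6f5c4b3a2d1e0f9g8h7i6j5k4l3m2n1o0", confidence: 0.98, description: "确认的勒索软件样本" },
            { source: "CrowdStrike", indicator: "203.0.113.42", confidence: 0.90, description: "已知的C2服务器" }
        ],
        relatedEvents: ["event-001"]
    },
    {
        id: "event-003",
        name: "SSH暴力破解攻击",
        threatLevel: "medium",
        attackChainStage: "侦察",
        status: "resolved",
        timestamp: "2024-01-19T22:45:00Z",
        attackType: "暴力破解",
        description: "检测到针对SSH服务的暴力破解尝试，攻击者在短时间内尝试了多个用户名和密码组合。",
        sourceIP: "192.0.2.123",
        targetIP: "10.10.1.45",
        targetHostname: "ssh-gateway-01",
        attackChain: [
            { stage: "侦察", completed: true, current: true, timestamp: "2024-01-19T22:45:00Z" },
            { stage: "武器化", completed: false },
            { stage: "交付", completed: false },
            { stage: "利用", completed: false },
            { stage: "安装", completed: false },
            { stage: "命令控制", completed: false },
            { stage: "目标达成", completed: false }
        ],
        affectedAssets: [
            { id: "asset-005", ip: "10.10.1.45", hostname: "ssh-gateway-01", type: "堡垒机", threatLevel: "medium" }
        ],
        payload: {
            raw: "SSH登录尝试: root/123456, admin/password, test/test123",
            hex: "535348204C4F47494E2054525920726F6F742F313233343536",
            ascii: "SSH LOGIN TRY root/123456",
            // Placeholder value, not a valid SHA-256 digest (non-hex characters).
            hash: "SHA256: c9d8e7f6a5b4c3d2e1f0a9b8c7d6e5f4a3b2c1d0e9f8g7h6i5j4k3l2m1n0",
            extractedFeatures: [
                "常见弱密码模式",
                "字典攻击特征",
                "短时间内多次尝试"
            ]
        },
        // Non-HTTP protocols use the literal string "NONE" for the HTTP-only fields.
        networkTraffic: {
            sourceIP: "192.0.2.123",
            sourcePort: 48765,
            destIP: "10.10.1.45",
            destPort: 22,
            protocol: "SSH",
            method: "NONE",
            url: "NONE",
            userAgent: "NONE",
            geoLocation: "印度，孟买"
        },
        logs: [
            { timestamp: "2024-01-19T22:45:10Z", source: "SSH服务", message: "Failed password for root from 192.0.2.123 port 48765 ssh2", severity: "medium" },
            { timestamp: "2024-01-19T22:45:15Z", source: "SSH服务", message: "Failed password for admin from 192.0.2.123 port 48765 ssh2", severity: "medium" },
            { timestamp: "2024-01-19T22:45:20Z", source: "SSH服务", message: "Failed password for test from 192.0.2.123 port 48765 ssh2", severity: "medium" },
            { timestamp: "2024-01-19T22:45:25Z", source: "Fail2ban", message: "Ban 192.0.2.123 after 3 failed attempts", severity: "info" }
        ],
        threatIntel: [
            { source: "AbuseIPDB", indicator: "192.0.2.123", confidence: 0.80, description: "已知的SSH暴力破解源" },
            { source: "Shodan", indicator: "192.0.2.123", confidence: 0.75, description: "运行自动化攻击工具的服务器" }
        ],
        relatedEvents: ["event-001"]
    },
    {
        id: "event-004",
        name: "敏感数据泄露",
        threatLevel: "high",
        attackChainStage: "目标达成",
        status: "pending",
        timestamp: "2024-01-18T16:20:00Z",
        attackType: "数据泄露",
        description: "检测到内部系统数据被大量导出到外部服务器，可能涉及客户敏感信息。",
        sourceIP: "10.10.2.33",
        targetIP: "198.51.100.200",
        targetHostname: "unknown-external",
        attackChain: [
            { stage: "侦察", completed: true, timestamp: "2024-01-18T09:00:00Z" },
            { stage: "武器化", completed: true, timestamp: "2024-01-18T10:30:00Z" },
            { stage: "交付", completed: true, timestamp: "2024-01-18T11:00:00Z" },
            { stage: "利用", completed: true, timestamp: "2024-01-18T14:00:00Z" },
            { stage: "安装", completed: true, timestamp: "2024-01-18T15:00:00Z" },
            { stage: "命令控制", completed: true, timestamp: "2024-01-18T16:00:00Z" },
            { stage: "目标达成", completed: true, current: true, timestamp: "2024-01-18T16:20:00Z" }
        ],
        affectedAssets: [
            { id: "asset-006", ip: "10.10.2.33", hostname: "internal-workstation-12", type: "员工工作站", threatLevel: "high" },
            { id: "asset-007", ip: "10.10.8.78", hostname: "data-server-05", type: "数据服务器", threatLevel: "critical" }
        ],
        payload: {
            // `raw` is a bracketed placeholder, not captured data.
            raw: "[数据导出记录]",
            hex: "5B44415441204558504F5254205245434F52445D",
            ascii: "[DATA EXPORT RECORD]",
            // Placeholder value, not a valid SHA-256 digest (non-hex characters).
            hash: "SHA256: d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0g1h2i3j4k5l6m7n8o9p0",
            extractedFeatures: [
                "批量数据查询",
                "异常大小文件传输",
                "非工作时间操作"
            ]
        },
        networkTraffic: {
            sourceIP: "10.10.2.33",
            sourcePort: 51234,
            destIP: "198.51.100.200",
            destPort: 443,
            protocol: "HTTPS",
            method: "POST",
            url: "/upload",
            userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/108.0.0.0",
            geoLocation: "德国，柏林"
        },
        logs: [
            { timestamp: "2024-01-18T16:15:00Z", source: "DLP", message: "检测到大量敏感数据传输: 约500MB客户记录", severity: "critical" },
            { timestamp: "2024-01-18T16:18:00Z", source: "代理服务器", message: "异常的HTTPS上传流量到未知域名", severity: "high" },
            { timestamp: "2024-01-18T16:20:00Z", source: "数据服务器", message: "大量SELECT查询执行，涉及客户信息表", severity: "high" }
        ],
        threatIntel: [
            { source: "RecordedFuture", indicator: "198.51.100.200", confidence: 0.92, description: "已知的数据窃取服务器" },
            { source: "DomainTools", indicator: "[域名信息]", confidence: 0.88, description: "最近注册的可疑域名" }
        ],
        relatedEvents: []
    },
    {
        id: "event-005",
        name: "内部威胁行为检测",
        threatLevel: "medium",
        attackChainStage: "侦察",
        status: "analyzing",
        timestamp: "2024-01-17T09:15:00Z",
        attackType: "内部威胁",
        description: "检测到特权账户异常登录行为，用户尝试访问未授权的系统资源。",
        sourceIP: "10.10.3.89",
        targetIP: "10.10.7.22",
        targetHostname: "hr-system-01",
        attackChain: [
            { stage: "侦察", completed: true, current: true, timestamp: "2024-01-17T09:15:00Z" },
            { stage: "武器化", completed: false },
            { stage: "交付", completed: false },
            { stage: "利用", completed: false },
            { stage: "安装", completed: false },
            { stage: "命令控制", completed: false },
            { stage: "目标达成", completed: false }
        ],
        affectedAssets: [
            { id: "asset-008", ip: "10.10.3.89", hostname: "it-admin-pc-03", type: "管理员工作站", threatLevel: "medium" },
            { id: "asset-009", ip: "10.10.7.22", hostname: "hr-system-01", type: "HR系统服务器", threatLevel: "high" }
        ],
        payload: {
            // `raw` is a bracketed placeholder, not a captured command.
            raw: "[权限提升尝试]",
            hex: "5B50524956494C45474520454C45564154494F4E20415454454D50545D",
            ascii: "[PRIVILEGE ELEVATION ATTEMPT]",
            // Placeholder value, not a valid SHA-256 digest (non-hex characters).
            hash: "SHA256: e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0g1h2i3j4k5l6m7n8o9p0q1",
            extractedFeatures: [
                "越权访问尝试",
                "敏感目录浏览",
                "权限提升命令"
            ]
        },
        networkTraffic: {
            sourceIP: "10.10.3.89",
            sourcePort: 49876,
            destIP: "10.10.7.22",
            destPort: 445,
            protocol: "SMB",
            method: "NONE",
            url: "NONE",
            userAgent: "NONE",
            geoLocation: "内部网络"
        },
        logs: [
            { timestamp: "2024-01-17T09:15:20Z", source: "AD服务器", message: "异常权限访问: IT管理员尝试访问HR系统", severity: "high" },
            { timestamp: "2024-01-17T09:16:30Z", source: "HR系统", message: "多次访问被拒绝: 权限不足", severity: "medium" },
            { timestamp: "2024-01-17T09:18:00Z", source: "SOC", message: "触发行为分析规则: 异常访问模式", severity: "medium" }
        ],
        threatIntel: [
            { source: "内部行为基线", indicator: "用户ID: admin003", confidence: 0.85, description: "偏离正常行为模式" },
            { source: "SIEM规则", indicator: "规则#2345", confidence: 0.90, description: "检测到越权访问尝试" }
        ],
        relatedEvents: []
    }
];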

// Seed localStorage with the mock events on first use.
// An existing non-empty 'securityEvents' entry is left untouched, so status
// changes saved earlier survive a reload. The stored value is not checked for
// being valid JSON here.
function initLocalStorageData() {
    const alreadySeeded = Boolean(localStorage.getItem('securityEvents'));
    if (alreadySeeded) {
        return;
    }
    const serializedSeed = JSON.stringify(mockSecurityEvents);
    localStorage.setItem('securityEvents', serializedSeed);
}

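// Return every security event as an array.
//
// Reads the 'securityEvents' entry from localStorage. That entry can be edited
// by the user or by any script running on the same origin, so it is treated as
// untrusted: if it is missing, is not valid JSON, or does not parse to an
// array, the seed data is returned instead of throwing or handing callers a
// non-array. Individual event fields are NOT validated here.
//
// The fallback is a JSON round-trip copy of mockSecurityEvents (the same shape
// the stored path produces), so callers that mutate the result cannot alter
// the in-memory seed.
function getAllEvents() {
    const stored = localStorage.getItem('securityEvents');
    if (stored) {
        try {
            const parsed = JSON.parse(stored);
            if (Array.isArray(parsed)) {
                return parsed;
            }
            console.warn('securityEvents in localStorage is not an array; using seed data');
        } catch (err) {
            // JSON.parse reports malformed input as SyntaxError; anything else is unexpected.
            if (!(err instanceof SyntaxError)) {
                throw err;
            }
            console.warn('securityEvents in localStorage is not valid JSON; using seed data');
        }
    }
    return JSON.parse(JSON.stringify(mockSecurityEvents));
}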

// Look up a single event by its id.
// Returns the first event whose `id` strictly equals eventId, or undefined
// when no event matches.
function getEventById(eventId) {
    const allEvents = getAllEvents();
    for (let i = 0; i < allEvents.length; i += 1) {
        const candidate = allEvents[i];
        if (candidate.id === eventId) {
            return candidate;
        }
    }
    return undefined;
}

// Set the status of one event and persist the whole event list.
// Returns true when an event with the given id was found and saved,
// false when no event matched (nothing is written in that case).
//
// NOTE(review): `status` is stored as given, with no allow-list; the seed data
// only uses "pending", "analyzing" and "resolved" - confirm whether other
// values should be rejected.
// NOTE(review): the change lives only in this browser's localStorage, which
// the user or any same-origin script can rewrite, so it is not an
// authoritative or auditable record of who changed an event's status.
function updateEventStatus(eventId, status) {
    const allEvents = getAllEvents();
    const match = allEvents.find((candidate) => candidate.id === eventId);
    if (match === undefined) {
        return false;
    }
    match.status = status;
    localStorage.setItem('securityEvents', JSON.stringify(allEvents));
    return true;
}

// Seed the store as soon as this script is evaluated; an existing
// 'securityEvents' entry in localStorage is kept as-is.
initLocalStorageData();